<?php

/***
To do: Filter input values, including username and password to prevent SQL inject and other attacks.
***/

require_once('inc/class.sql.php');
require_once('inc/class.auth.php');
require_once('inc/db.php');

session_start();

if (isset($_GET['session_end'])) {
    if ($_GET['session_end'] == 1) {
	session_unset();
	session_destroy();
    }
}

$sql_conn = new mysql($host,$db,$user,$pass); ?>

<html>
<title>To-do List</title>
<?php include('inc/theme.php'); ?>
<br />
<p style="font-size:40px;font-family:'Roboto Slab'">LOGIN</p>
  <form method="post">
    <table>
      <tr>
        <td>
          <input type="text" name="username" placeholder="Username"><br />
        </td><td>
          <input type="password" name="password" placeholder="Password"><br />
        </td><td>
          <input type="submit" value="Login">
        </td>
      </tr>
    </table>
  </form>

<?php if (!empty($_POST)) {

    $username = $_POST['username'];
    $password = md5($_POST['password']);

    $auth = new auth($sql_conn,$username,$password);
    $result = $auth->login();

    if (!empty($_SESSION['username'])) { ?>

        <a href="list.php">Go to list as <?php print $_SESSION['username']."</a> | ";

    }

} ?>

<a href="signup.php">Create an account</a>
</body></html>
